Convergence Radar Convergence Engine

← Feed

C

StableStack: cross-regulator stablecoin compliance workbench

59/100

One canonical CIP/KYC + reserve-attestation control library that emits OCC-, NCUA-, and FinCEN-CIP-specific policy documents and reporting templates for the new class of GENIUS Act stablecoin issuers.

Interesting but not urgent. Β· created 2026-07-12 17:02 UTC

cryptoregulationsaaspublic recordscompliancelong-termrevisit later

Scorecard

newness 9/10
convergence 9/10
demand evidence 8/10
existing spend 6/10
solo feasibility 5/10
speed to mvp 6/10
speed to revenue 5/10
distribution 6/10
competitive gap 6/10
expansion 8/10
founder fit 6/10

Penalty flags
enterprise sales long trust cycle (βˆ’9 from raw 68)

Opportunity brief

What changed
FACT: The GENIUS Act is being implemented in parallel by multiple regulators. Federal Register shows an OCC stablecoin-issuance proposed rule (2026-04089, 2026-03-02), a near-identical NCUA proposal for credit-union issuers (2026-09915, 2026-05-18), and a jointly-issued FinCEN/OCC/Fed/FDIC/NCUA 'Permitted Payment Stablecoin Issuer Customer Identification Program' proposed rule (2026-12460, 2026-06-22). Additional FinCEN/OFAC AML/CFT + sanctions program rules for PPSIs are proposed (2026-06963, 2026-12692). An OCC PRA notice (2026-11856) invites comment on new reporting forms for PPSIs.
Why now
FACT: All rules are on the rulemaking clock now; CIP rule proposed 2026-06-22. INFERENCE: First finalizations are plausibly 2-4 quarters out. The pre-final window is exactly when issuers build compliance programs β€” buying documentation tooling before the deadline hits, not after.
Converging signals
FACT: A federal statute plus at least three sibling regulators (OCC, NCUA, FinCEN-joint) issuing parallel proposed rules that impose the SAME core artifacts (CIP/KYC program, AML/CFT program, reserve attestation, reserve/redemption reporting) on the same emerging issuer class. The rule + the defined filer class (bank/CU/nonbank issuers) + the regulator portals meet at one point β€” a mapped, multi-agency compliance obligation.
Customer pain
HYPOTHESIS (not directly evidenced in source): community banks, credit-union CUSOs, and nonbank fintech issuers wanting to issue payment stablecoins lack bank-grade compliance infrastructure and must produce agency-specific CIP/KYC, AML/CFT, reserve-attestation and reporting artifacts. The convergence description asserts 'none of these issuers has bank-grade compliance infrastructure' β€” treat as reasonable inference, not proven fact.
Who pays
Community banks and credit-union CUSOs planning stablecoin issuance, nonbank fintech issuers, and the law firms / compliance consultants who serve them (white-label channel). BENEFICIARY = the issuer needing to file; BUYER = the issuer's compliance officer or their outside counsel/consultant.
Solved today
Today: big-law regulatory counsel and Big-4/boutique bank-compliance consultants draft bespoke programs at high hourly/percentage fees; or issuers copy generic BSA/AML templates not mapped to the new PPSI rules. INFERENCE β€” no verified incumbent product yet exists for these specific 2026 proposed rules.
Why current solutions are bad
Bespoke counsel is expensive and slow, and does not scale across the three-plus overlapping rulebooks; generic templates aren't keyed to the OCC vs NCUA vs FinCEN-CIP versions and won't survive examiner review. The artifacts are ~90% identical across agencies but differ in the last 10% β€” exactly what a mapped control library automates.
Proposed product
A subscription compliance workbench: one canonical control library (CIP/KYC, AML/CFT, reserve composition, redemption, attestation schedule, reporting cadence) that maps each control to OCC / NCUA / PPSI-CIP requirements and emits agency-specific policy documents + reserve/reporting templates. Add a paid per-issuer onboarding packet. Position as documentation/authoring tooling and a redline tracker as proposed rules finalize β€” NOT as legal advice.
MVP version
A single canonical control library covering the CIP program (rule 2026-12460) plus OCC issuance requirements (2026-04089), rendered into a downloadable, editable CIP/KYC policy document and a reserve-attestation schedule template. Doc-generation + a per-rule requirement matrix; no portal submission needed at MVP because these are program artifacts filed/examined, not a single portal upload.
30-day build
Read and structure the four core rules (2026-04089, 2026-09915, 2026-12460, plus the OCC PRA reporting forms 2026-11856) into a control-to-requirement matrix. Build the doc-generation engine (control library β†’ policy PDF/DOCX). Interview 8-12 community-bank/CUSO compliance officers and 3-4 fintech-stablecoin counsel to validate pain and willingness to pay (this is the critical de-risking step β€” customer pain is currently hypothesis, not fact).
60-day build
Ship the paid workbench: OCC + CIP coverage, add NCUA mapping, a redline/diff view that flags when a proposed rule changes, and the onboarding-packet service. Recruit 2-3 law/consulting firms as white-label/referral channel. Publish a free 'GENIUS Act issuer compliance requirement matrix' as lead magnet + comment-letter bait to reach the exact buyer list.
90-day revenue plan
Convert pilots to annual subscriptions; sell onboarding packets per issuer. Target first paying issuers/firms. Because rules are still proposed, expect design partners now and volume when the first FINAL rule publishes (the leading indicator) β€” price a deposit/early-access tier to book revenue before finalization.
Distribution path
Content aimed at the compliance-officer buyer (requirement matrices, comment-letter analysis), direct outreach to community banks/CUSOs filing comments, and white-labeling through regulatory law/consulting firms who already own the relationship. No ad spend needed; the filer class is enumerable.
Pricing hypothesis
SaaS subscription ~$6k-$25k/yr per issuer scaled by asset size, plus a per-issuer onboarding packet ~$5k-$15k. White-label/firm seats at a higher tier. Undercuts bespoke counsel engagements that run well into six figures.
Technical difficulty
Low-to-moderate engineering (doc-generation, requirement matrix, versioned control library, redline diffing). The hard, defensible work is regulatory: correctly interpreting and maintaining the control-to-rule mapping as proposals finalize β€” requires paid regulatory counsel review to avoid shipping wrong artifacts.
Legal / regulatory risk
Real. Must avoid unauthorized practice of law and must not represent generated documents as compliance guarantees β€” position as authoring/documentation tooling with attorney-review disclaimers. Wrong mappings that fail an exam are a reputational/liability risk; mitigate with counsel review and clear 'not legal advice' framing. This is the primary risk, not licensure of the founder himself.
Platform dependency
None on a commercial platform β€” outputs are documents the issuer files with/keeps for federal regulators. No app-store or platform owner can deplatform it.
Founder fit
Strong on the government-mandate/forced-filer pattern the founder has shipped before (FMCSA ELDT). WEAKER than his ideal: the artifacts are compliance PROGRAMS reviewed by examiners, not a clean per-transaction portal upload, so monetization is subscription/packet rather than per-filing, and the domain (bank BSA/AML + reserve attestation) demands regulatory-counsel depth he'll have to buy. Buyers are sophisticated financial institutions, which lengthens the sales cycle versus a solo-operator filing tool.
Breakout potential
High if it becomes the default issuer-onboarding compliance layer as the stablecoin issuer class grows post-finalization; expandable to reserve-attestation monitoring, ongoing reporting automation against the OCC PPSI forms, and state money-transmitter overlays β€” 50-state replication of the pass-through pattern.
Final recommendation
PURSUE AS A VALIDATED PILOT, not a blind build. The forced-buyer/public-money shape is real and strong (multiple regulators, statutory mandate, enumerable filer class, hard artifacts). But unlike a per-filing portal tool, the buyer is a sophisticated financial institution and the pain is inferred, not evidenced. Spend the first 30 days on 8-12 buyer interviews and a free requirement-matrix lead magnet; only build the full workbench if issuers/firms confirm willingness to pay. Strong candidate, gated on that validation.
Next action
Extract the CIP rule (2026-12460), OCC issuance rule (2026-04089), and OCC PPSI reporting-forms notice (2026-11856) into a control-to-requirement matrix, publish it as a free lead magnet, and use it to book 8-12 discovery calls with community-bank/CUSO compliance officers and stablecoin counsel to confirm willingness to pay before building.

Kill arguments (adversarial)

Competitors

β€’ Fenergo / ComplyAdvantage / Fiserv-class KYC-AML vendors (link) β€” HYPOTHESIS: incumbent bank-compliance vendors can add PPSI templates to existing suites and own the institutional relationship β€” the main copy-by-incumbent risk.
β€’ Regulatory law firms / bank-compliance consultancies β€” Current bespoke solution; expensive and unscaled across the three overlapping rulebooks β€” the fee the workbench undercuts, but also a referral/white-label channel.

Source citations (facts)

β€’ [Proposed Rule] Permitted Payment Stablecoin Issuer Customer Identification Program β€” FinCEN with OCC, Fed, FDIC, NCUA jointly propose a mandatory CIP program for permitted payment stablecoin issuers β€” a forced-buyer artifact all issuers must produce.
β€’ [Proposed Rule] OCC implementation of the GENIUS Act for stablecoin issuance β€” OCC defines a federal route for OCC-supervised entities to issue payment stablecoins, creating compliance, attestation and reserve-reporting obligations.
β€’ [Proposed Rule] NCUA implementation of the GENIUS Act for credit-union stablecoin issuance β€” NCUA extends a near-identical issuance framework to credit-union subsidiaries, broadening the regulated issuer class needing the same artifacts.
β€’ [Proposed Rule] OCC PPSI AML/CFT and Sanctions Compliance Risk Management β€” OCC with FinCEN/OFAC proposes BSA/AML/sanctions program requirements for PPSIs β€” an additional mandated compliance artifact.
β€’ [Notice] OCC reporting forms and instructions for Permitted Payment Stablecoin Issuers β€” OCC invites comment on new PRA reporting forms for PPSIs β€” concrete evidence of a recurring reporting obligation the workbench can template.

Actions